package com.dianplus.biz.auth.config;


import com.dianplus.biz.config.IgnoredUrlsProperties;
import com.dianplus.biz.security.oauth2.BaseResourceServerConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;


@Configuration
public class ResourceServerConfig extends BaseResourceServerConfig {

    @Autowired
    private IgnoredUrlsProperties ignoredUrlsProperties;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http
                .authorizeRequests();

        // 除配置文件忽略路径其它所有请求都需经过认证和授权 放到config-repo 可以动态改变
        for(String url : ignoredUrlsProperties.getUrls()) {
            registry.antMatchers(url).permitAll();
        }
        registry.and()
                .httpBasic();
    }

}
